JAMF – Extended Checks for Screen Lock

Learn how to configure JAMF to enable Sprinto to automatically monitor screen lock status on staff devices.

Sprinto’s enhanced integration with JAMF now supports automated monitoring of the Screen Lock compliance requirement in addition to existing checks such as OS version, Antivirus, and Disk Encryption.

This enhancement helps compliance teams continuously track screen lock enforcement across JAMF-managed macOS devices, reducing manual verification and audit overhead.


Supported Checks

| Compliance Requirement | Description | Supported |
|---|---|---|
| OS Version | Verifies that the operating system is up to date | ✔️ |
| Disk Encryption | Confirms that FileVault encryption is enabled | ✔️ |
| Antivirus | Detects the presence of supported antivirus software | ✔️ |
| Screen Lock | Ensures a screen saver and password protection are enforced | ✔️ (New) |


How It Works

Sprinto connects to the JAMF API to read configuration profiles applied to devices.

The Screen Lock monitor passes when:

  • A configuration profile named Screen Saver (or equivalent) is applied to the device.

  • The Start screen saver after setting is 15 minutes or less.

  • The Require Passcode to Unlock Screen option is enabled.

If any of these configurations are missing or exceed the time threshold, the monitor will show as failing in Sprinto.
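
A local pre-check of an exported configuration profile against the timeout and passcode conditions above, as an added example (not Sprinto's or JAMF's own code). It assumes the profile is an unsigned .mobileconfig plist whose settings sit directly in a com.apple.screensaver payload under Apple's idleTime, loginWindowIdleTime and askForPassword keys; the sample profile is constructed, and the profile-name condition is not checked.

```python
import plistlib

MAX_IDLE_SECONDS = 15 * 60  # the page's threshold: 15 minutes or less

# Constructed sample profile, not exported from a real JAMF instance.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadDisplayName</key><string>Screen Saver</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.screensaver</string>
    <key>loginWindowIdleTime</key><integer>600</integer>
    <key>askForPassword</key><true/>
  </dict></array>
</dict></plist>"""


def evaluate_screen_lock(profile_bytes, max_idle=MAX_IDLE_SECONDS):
    """Return (passed, reasons) for the timeout and passcode conditions."""
    profile = plistlib.loads(profile_bytes)
    idle_values, ask_for_password = [], False
    for payload in profile.get("PayloadContent", []):
        # Assumption: settings sit directly in a screensaver payload.
        ptype = str(payload.get("PayloadType", ""))
        if not ptype.startswith("com.apple.screensaver"):
            continue
        for key in ("idleTime", "loginWindowIdleTime"):
            if key in payload:
                idle_values.append(int(payload[key]))
        ask_for_password = ask_for_password or bool(payload.get("askForPassword"))

    reasons = []
    if not idle_values:
        reasons.append("no screen saver idle time configured")
    elif min(idle_values) <= 0:
        # An idle time of 0 means the screen saver never starts.
        reasons.append("screen saver disabled (idle time 0 means never)")
    elif max(idle_values) > max_idle:
        reasons.append(f"idle time {max(idle_values)}s exceeds {max_idle}s")
    if not ask_for_password:
        reasons.append("passcode not required to unlock the screen")
    return (not reasons, reasons)


if __name__ == "__main__":
    print(evaluate_screen_lock(SAMPLE_PROFILE))
```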


Prerequisites

Before enabling this check, ensure that:

  • You have admin access to your JAMF Pro account.

  • You can create or edit Configuration Profiles for macOS devices.

  • Devices are correctly scoped under the configuration profiles.


Configure Screen Lock in JAMF

Follow these steps to enable and enforce the screen lock requirement via JAMF:

1. Access Configuration Profiles

  1. Log in to your JAMF Pro account.

  2. Navigate to Computers > Configuration Profiles.

  3. Select Create a New Profile, or edit an existing one.

2. Configure Login Window Settings

  1. In the profile editor, open the Login Window section.

  2. Under Options, enable Start screen saver after.

  3. Set the idle timeout to 15 minutes or less.

Sprinto accepts a maximum timeout of 15 minutes.

3. Configure Security and Privacy Settings

  1. Within the same profile, go to Security & Privacy.

  2. Enable Require Passcode to Unlock Screen to enforce password protection after sleep or screen saver activation.

4. Save and Deploy the Profile

  1. Save the configuration profile.

  2. Assign or scope the profile to the relevant device groups to ensure enforcement.

The screen lock policy will not take effect unless assigned to at least one device group.


Troubleshooting

| Issue | Possible Cause | Resolution |
|---|---|---|
| Screen Lock monitor failing | Profile not assigned to any device group | Assign the profile to the relevant devices |
| Screen Lock monitor failing | Timeout set above 15 minutes | Reduce to 15 minutes or less |
| Screen Lock monitor failing | Passcode requirement not enabled | Enable Require Passcode to Unlock Screen under Security & Privacy |
| Screen Lock monitor missing | JAMF API access not configured | Verify API credentials and permissions in the integration |


Next Steps

Once configured:

  • The Screen Lock monitor will appear under the Staff Devices section in Sprinto.

  • Any non-compliant devices will be flagged automatically.

  • Sprinto will generate remediation tasks to help teams achieve compliance.

